I’ve been trying for a week to make a workflow activity that would parse all user profiles and find a user with a specific title. At first sight it’s a straightforward activity, instantiating a UserProfileManager from the current context and then doing a foreach loop.
Well, accessing user profiles requires an authorized user. In order to overcome this, in my activity I create a delegate that runs with elevated privileges (SPRunWithElevatedPrivileges method). I also instantiate a new SPSite context with the GUID of the SPSite already passed from SharePoint, because the original SPSite is associated with the caller identity, not the impersonated identity.
It didn’t work, either. I always got a “Access Denied: Only an administrator may enumerate through all user profiles.” error. Other people also got this error in the same circumstances (for example here). However, in my lab MOSS deployment (single-server) it worked OK. I was puzzled.
Thanks to my friend at Microsoft, Carlos, I was able to make it work.
The catch is that the impersonated user is the Application Pool identity. You have to assign to this account (NETWORK SERVICE in my case) two specific rights for Personalization Services Permissions (/ssp/admin/_layouts/ManageServicePermissions.aspx) at Shared Services administration page. Those rights are Use Personal Features and Manage User Profiles.